Information Protection and Business Resilience 

If pirates were operating openly in the English Channel there would be outrage, questions would be asked in Parliament, and a movie-length documentary would be produced. Yet something similar is happening right now in the digital world. The main difference is that the enemy is not a group of outlaws; they are often extremely educated, well organised, financially motivated and increasingly driven by ideology.


The enemy is targeting sensitive corporate information – a critical asset for all organisations that needs to be carefully protected at all times. If confidential business information is compromised, reputations may be impacted, customer confidence may decrease and business partners may lose trust. Senior business executives will be held accountable when personal data is lost. They risk breaching legislation and regulations, both of which can result in significant financial penalties or even a prison sentence.


KPMG’s Information Protection and Business Resilience team helps organisations identify, prepare, manage and respond to these challenges through a range of advisory and assurance services. 

What's on your Mind?


  • How do I respond to this evolving threat landscape?
  • Is my organisation at risk from confidential data leakage?
  • How are my competitors addressing these challenges?
  • How do our suppliers handle our sensitive data?
  • What are the risks associated with adopting new channels and technologies?
  • How do I comply with the legislation, regulation and industry requirements?


Bringing you Peace of Mind


We work with our clients to answer these questions and more. Some of our core service offerings are listed below:


  • Strategic security remediation and improvement programmes, including planning, design and management
  • Data leakage prevention assessments and incident response
  • Benchmarking across peer organisations and CISO roundtable discussions
  • Secure system design and advice on identity and access management
  • Supplier risk reviews and definition of good practice governance and processes
  • Risk advisory for new channels and technologies, as well as process definition and technology selection
  • Security assurance activities through UKAS-accredited ISO 27001 certification and penetration testing


What's in it for you?


  • New products and services are launched and operated with confidence
  • Confidence and assurance that information security risks are understood and managed
  • Accelerated remediation activity to reduce risk
  • Knowledge of industry-leading practices for managing security
  • Cost-effective compliance with security and privacy legislation, regulations and industry requirements




  • Award winning - We were awarded the “Information Security Consultancy of the Year” at the SC Magazine Europe Awards 2012 (and 2011). We received these awards as recognition of our ability to assist businesses with understanding and implementing information security management processes. We have also received an MCA Management Award for Business Strategy for our work with a leading bank on a major third party security assurance programme.
  • Independence - We are not tied into any technology or software vendor. All of our recommendations and technical strategies are based solely on what is fit and appropriate for your business.
  • Commitment - Our client relationships are built on mutual trust and long-term commitment to providing effective and efficient solutions, and we are dedicated to providing a service that is second to none.
  • Industry knowledge - We are proud to own the I-4 (International Information Integrity Institute), the world’s leading forum for senior information security leaders to collaborate and share knowledge.


Case Study


Client Issue

Our client, a financial service provider, had suffered a security breach involving customer information at a third party supplier. Mindful of increased regulatory scrutiny and driven by its own determination to secure a tighter grip on its external relationships, the client wished to implement a global assessment of the level of security control across all critical suppliers.

What we did

KPMG carried out comprehensive reviews into the data security of all of the client’s high-risk third party suppliers. KPMG engaged its global network of technical specialists and programme management experts to ensure that the programme was mobilised within hours of initial contact with the client.




  • A data security assessment report for each of the third parties – we reviewed 360 suppliers globally in five weeks.
  • Assistance with remediation planning for some suppliers following the discovery of 'major' findings.
  • The client could demonstrate to the regulator that they were taking full and appropriate action to adequately address the issues, thereby avoiding any imposed remedial action.


Malcolm Marshall


Head of Information Protection and Business Resilience 

020 7311 5456


Stephen Bonner

Partner, Financial Services

Head of Information Protection and Business Resilience 

020 7694 1644


Charles Hosner

Partner, Corporates

Information Protection and Business Resilience 

07500 809 597


Martin Tyley

Partner, Regions

Information Protection and Business Resilience 

0113 231 3934


For general enquiries please contact asksecurity@kpmg.co.uk


KPMG Slant - The digital crossroads


Technology has revolutionised the day-to-day lives of individuals and organisations alike. But if we're to continue to benefit and to profit from it, and if we're to minimise the potential downsides, we're going to have to make some choices.